lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAEf4Bzb5NdQbZMPKAY8xKqVXy4DAWPhszW1pF4Afo==GQEoT0g@mail.gmail.com>
Date:   Tue, 22 Dec 2020 10:58:12 -0800
From:   Andrii Nakryiko <andrii.nakryiko@...il.com>
To:     Jesper Dangaard Brouer <brouer@...hat.com>
Cc:     bpf <bpf@...r.kernel.org>, Networking <netdev@...r.kernel.org>,
        Daniel Borkmann <borkmann@...earbox.net>,
        Alexei Starovoitov <alexei.starovoitov@...il.com>,
        Maciej Żenczykowski <maze@...gle.com>,
        Lorenz Bauer <lmb@...udflare.com>, shaun@...era.io,
        Lorenzo Bianconi <lorenzo@...nel.org>,
        Marek Majkowski <marek@...udflare.com>,
        John Fastabend <john.fastabend@...il.com>,
        Jakub Kicinski <kuba@...nel.org>, eyal.birger@...il.com,
        colrack@...il.com
Subject: Re: [PATCH bpf-next V10 7/7] bpf/selftests: tests using bpf_check_mtu BPF-helper

On Tue, Dec 22, 2020 at 8:23 AM Jesper Dangaard Brouer
<brouer@...hat.com> wrote:
>
> Adding selftest for BPF-helper bpf_check_mtu(). Making sure
> it can be used from both XDP and TC.
>
> V10:
>  - Remove errno non-zero test in CHECK_ATTR()
>  - Addresse comments from Andrii Nakryiko
>
> Signed-off-by: Jesper Dangaard Brouer <brouer@...hat.com>
> ---

Looks good, few minor nits below, feel free to address if you end up
with another revision.

Acked-by: Andrii Nakryiko <andrii@...nel.org>

>  tools/testing/selftests/bpf/prog_tests/check_mtu.c |  218 ++++++++++++++++++++
>  tools/testing/selftests/bpf/progs/test_check_mtu.c |  199 ++++++++++++++++++
>  2 files changed, 417 insertions(+)
>  create mode 100644 tools/testing/selftests/bpf/prog_tests/check_mtu.c
>  create mode 100644 tools/testing/selftests/bpf/progs/test_check_mtu.c
>
> diff --git a/tools/testing/selftests/bpf/prog_tests/check_mtu.c b/tools/testing/selftests/bpf/prog_tests/check_mtu.c
> new file mode 100644
> index 000000000000..63f01c9e08d8
> --- /dev/null
> +++ b/tools/testing/selftests/bpf/prog_tests/check_mtu.c
> @@ -0,0 +1,218 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/* Copyright (c) 2020 Jesper Dangaard Brouer */
> +
> +#include <linux/if_link.h> /* before test_progs.h, avoid bpf_util.h redefines */
> +
> +#include <test_progs.h>
> +#include "test_check_mtu.skel.h"
> +#include <network_helpers.h>

bit: test_progs and network_helpers should be included with "", not <>

> +
> +#include <stdlib.h>
> +#include <inttypes.h>
> +
> +#define IFINDEX_LO 1
> +
> +static __u32 duration; /* Hint: needed for CHECK macro */
> +
> +static int read_mtu_device_lo(void)
> +{
> +       const char *filename = "/sys/class/net/lo/mtu";
> +       char buf[11] = {};
> +       int value;
> +       int fd;
> +
> +       fd = open(filename, 0, O_RDONLY);
> +       if (fd == -1)
> +               return -1;
> +
> +       if (read(fd, buf, sizeof(buf)) == -1) {
> +               close(fd);
> +               return -2;
> +       }
> +       close(fd);

nit: imo, simpler to write:

err = read(...);
close(fd);
if (err == -1)
  return -2;

This way you don't need to close twice. But it's very minor.


> +
> +       value = strtoimax(buf, NULL, 10);
> +       if (errno == ERANGE)
> +               return -3;
> +
> +       return value;
> +}
> +

[...]

> +       CHECK(link_info.type != BPF_LINK_TYPE_XDP, "link_type",
> +             "got %u != exp %u\n", link_info.type, BPF_LINK_TYPE_XDP);
> +       CHECK(link_info.xdp.ifindex != IFINDEX_LO, "link_ifindex",
> +             "got %u != exp %u\n", link_info.xdp.ifindex, IFINDEX_LO);
> +
> +       err = bpf_link__detach(link);
> +       CHECK(err, "link_detach", "failed %d\n", err);
> +

unless you explicitly want to test this force-detach, destroying the
link (through destroying skeleton) would detach the program just fine.


> +out:
> +       test_check_mtu__destroy(skel);
> +}
> +

[...]

> +
> +SEC("xdp")
> +int xdp_exceed_mtu(struct xdp_md *ctx)
> +{
> +       void *data_end = (void *)(long)ctx->data_end;
> +       void *data = (void *)(long)ctx->data;
> +       __u32 ifindex = GLOBAL_USER_IFINDEX;
> +       __u32 data_len = data_end - data;
> +       int retval = XDP_ABORTED; /* Fail */
> +       __u32 mtu_len = 0;
> +

nit: unnecessary empty line inside variable declaration block

> +       int delta;
> +       int err;
> +
> +       /* Exceed MTU with 1 via delta adjust */
> +       delta = GLOBAL_USER_MTU - (data_len - ETH_HLEN) + 1;
> +
> +       err = bpf_check_mtu(ctx, ifindex, &mtu_len, delta, 0);
> +       if (err) {
> +               retval = XDP_PASS; /* Success in exceeding MTU check */
> +               if (err != BPF_MTU_CHK_RET_FRAG_NEEDED)
> +                       retval = XDP_DROP;
> +       }
> +
> +       global_bpf_mtu_xdp = mtu_len;
> +       return retval;
> +}
> +

[...]

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ